#StackBounty: #malware #webserver #reverse-engineering Strange HTTP request from binaryedge.ninja

Bounty: 50

I found the following strange HTTP request apparently emanating from binaryedge.ninja:

 min-li-ustx-12-13-65991-x-prod.binaryedge.ninja - - [05/Jan/2020:07:18:48 -0500] "GET / HTTP/1.0" 302 212 "-" "-"
 min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:52 -0500] "GET / HTTP/1.0" 302 212 "-" "-"
 min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:54 -0500] "HELP" 400 226 "-" "-"
 min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:54 -0500] "x1bx84xd5xb0]xf4xc4x93xc50xc2Xx8cxdaxb1xd7xacxafnx1dxe1x1ex1a3*x85xb7x1d'xb1xc9kxbfxf0xbc" 400 226 "-" "-"
 min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:56 -0500] "x16x03x01" 400 226 "-" "-"
 min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:58 -0500] "xbdxffx9exffExffx9exffxbdxffx9exffxa4xffx86xffxc4xffxbexffxc7xffxdbxffxeexffx\d9xffxedxffxa4xffx9dxffxcfxffxd8xffxe5xffx04xffx12xff0xffxb1xffxbdxffxe7xffxe2xffxddxffxdcxffxdexffxc8xffxccxffxbexffxf8xff&xffx01xffx0fxffxf5xffx06xffxffxffxf7xff!xffxdexffx02xff&xffx0cxffx01xffxf5xff" 400 226 "-" "-"

Looking around the web, I see similar log messages on other publicly visible web logs and one suggesting some connection to Gh0st.

Anyone have any idea what this is, and why this company would appear to be attacking my server and others?
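The sequence in those logs (a plain `GET /`, then a bare `HELP`, then bytes beginning `\x16\x03\x01`, then a longer byte string, all from one host within a few seconds) is the pattern of a service-fingerprinting scanner trying several protocols against the same port rather than an HTTP client; `\x16\x03\x01` in particular is the start of a TLS handshake record (content type 22, record version 3.1), i.e. a TLS ClientHello sent to a port that speaks plain HTTP, which Apache rejects with a 400. As an added example (not code from the question or from any vendor), the Python below parses Apache combined-format lines, undoes Apache's `\xHH` log escaping, labels each request as well-formed HTTP, a TLS record on a plaintext port, a printable non-HTTP probe, or arbitrary bytes, and flags hosts that send several non-HTTP probes inside a short window. The sample log is constructed: five lines are adapted from the question with the backslashes the scrape dropped restored and the long byte strings shortened, and the `client.example.net` line is invented for contrast.

```python
"""Triage Apache access-log lines: label each request and flag hosts that
send several non-HTTP probes in a short window. Example code for this page."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log. First five lines adapted from the question with
# Apache's \xHH escapes restored and long byte strings shortened; the last
# line is an invented ordinary browser request for contrast.
SAMPLE_LOG = r"""min-li-ustx-12-13-65991-x-prod.binaryedge.ninja - - [05/Jan/2020:07:18:48 -0500] "GET / HTTP/1.0" 302 212 "-" "-"
min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:52 -0500] "GET / HTTP/1.0" 302 212 "-" "-"
min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:54 -0500] "HELP" 400 226 "-" "-"
min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:56 -0500] "\x16\x03\x01" 400 226 "-" "-"
min-extra-grab-108-ustx-prod.binaryedge.ninja - - [05/Jan/2020:07:18:58 -0500] "\xbd\xff\x9e\xffE\xff" 400 226 "-" "-"
client.example.net - - [05/Jan/2020:07:20:01 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Apache "combined" format; with HostnameLookups On the first field is a
# reverse-resolved hostname rather than an IP address.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
HTTP_REQ_RE = re.compile(r'^[A-Z]{3,10} \S+ HTTP/\d\.\d$')
ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})|\\(.)')
SIMPLE_ESCAPES = {'n': b'\n', 'r': b'\r', 't': b'\t', '"': b'"', '\\': b'\\'}


def apache_unescape(field: str) -> bytes:
    """Undo Apache's log escaping (\\xHH for non-printables, \\" and \\\\)."""
    out = bytearray()
    pos = 0
    for m in ESCAPE_RE.finditer(field):
        out += field[pos:m.start()].encode('latin-1')
        if m.group(1) is not None:
            out.append(int(m.group(1), 16))
        else:
            out += SIMPLE_ESCAPES.get(m.group(2), m.group(2).encode('latin-1'))
        pos = m.end()
    out += field[pos:].encode('latin-1')
    return bytes(out)


def classify_request(request: str) -> str:
    """'http': well-formed request line; 'tls-record-on-plaintext': starts with
    a TLS handshake record header (0x16, record version 0x03 0x00..0x04);
    'plaintext-probe': printable ASCII that is not HTTP (e.g. "HELP");
    'binary-probe': anything else."""
    if HTTP_REQ_RE.match(request):
        return 'http'
    raw = apache_unescape(request)
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03 and raw[2] <= 0x04:
        return 'tls-record-on-plaintext'
    if raw and all(0x20 <= b < 0x7f for b in raw):
        return 'plaintext-probe'
    return 'binary-probe'


def parse_line(line: str):
    """Return (host, timestamp, request, status) or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return m.group('host'), ts, m.group('request'), int(m.group('status'))


def scanner_candidates(lines, window_seconds=60, min_probes=2):
    """Hosts sending at least `min_probes` non-HTTP requests within
    `window_seconds`, mapped to the ordered labels of all their requests."""
    per_host = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, ts, request, _status = parsed
        per_host[host].append((ts, classify_request(request)))

    flagged = {}
    for host, events in per_host.items():
        events.sort()
        probes = [ts for ts, label in events if label != 'http']
        for i in range(len(probes)):  # sliding window over probe times
            j = i
            while j + 1 < len(probes) and (probes[j + 1] - probes[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i + 1 >= min_probes:
                flagged[host] = [label for _ts, label in events]
                break
    return flagged


if __name__ == '__main__':
    for host, labels in scanner_candidates(SAMPLE_LOG.splitlines()).items():
        print(host, '->', ', '.join(labels))
```

Run against the sample, the `min-extra-grab-108-ustx-prod` host is flagged with the labels `http, plaintext-probe, tls-record-on-plaintext, binary-probe`, while the host that only sent a single `GET /` and the ordinary browser client are not. The labelling is behavioural, so it says nothing about who operates a scanning host; that is a question for the reverse-DNS names and the operator's published address ranges, which this script deliberately does not try to answer.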

